guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#31487] [PATCH] gnu: Add upx.

From: Ludovic Courtès
Subject: [bug#31487] [PATCH] gnu: Add upx.
Date: Mon, 28 May 2018 09:55:01 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) 
Hi Pierre,

Pierre Neidhardt <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>
>> There’s one issue left though:
>>
>>   $ ./pre-inst-env guix lint upx
>>   gnu/packages/compression.scm:2179:2: address@hidden: probably vulnerable 
>> to CVE-2017-15056, CVE-2017-16869
>>
>> Could you check whether patches are available for these?  Better be safe
>> than sorry!
>
> Indeed they are.
> They are not on the master branch though, only devel I think.
> So what's the protocol here?  Shall we cherry-pick the fixing commits or
> get latest devel?

Yes.  You can add them as individual patches (see commit
aa8ac0294421d465f60e18c8271f971ec8407a95 for an example); as usual, make
sure each patch starts with a few lines explaining what the patch does
and where it comes from (you can take the commit log for that plus a
repo URL, for instance.)

Then you can check that ‘guix lint upx’ is happy.

TIA!

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]